The Weaponization of Software License Audits

Date

By Dr. Michael Corey and Don Sullivan

Apr 1, 2022

Many organizations still remember the sting of being a victim of the dreaded patent trolls. Patents were granted to encourage, recognize, and reward innovation. Awarding the inventors with a well-defined degree of exclusivity for a period of time improves their chances of both financial reward and the recouping their initial investment. “Patent troll” is a derogatory term that describes a business or entity that uses patent infringement claims to win legal judgments or out-of-court settlements for profit using patent law outside its intended purpose. Speaking during an online Fireside Hangout talk on patent trolls, President Barack Obama stated these rogue figures and organizations fail to produce anything of value themselves. They’re just trying to essentially leverage and hijack somebody else’s idea and see if they can extort some money out of them. In 2013, it was reported that the number of lawsuits in just 2 years brought by this cottage industry had nearly tripled and accounted for 62% of all patent lawsuits in the U.S. All told, in 2019, the victims of patent trolls paid $29 billion, a 400% increase in less than 4 years, not to mention tens of billions of dollars lost in shareholder value.

Software License Audits

“Software license audits” have provided fertile ground for vendors to generate revenue for many years. Gartner reported, “Vendor-imposed and revenue-motivated audits are increasing for organizations of all sizes and industries.” Numerous industry publications fully support this fact in articles such as “Software Audits: How High Tech Plays Hardball” (InfoWorld) and “Software audits continue to rise” (CIO). 

“In the decade we have been checking companies for software license compliance, we have yet to find a company 100% compliant,” said Dean Bolton, the chief architect at LicenseFortress, “so it should come as no surprise that large software vendors have become diligent in their software license audits.”

It was just a matter of time before the lure of easy money enticed others to find alternate paths that would allow them to take advantage of the complicated contracts which comprise today’s software licensing agreements, just as the patent trolls learned to take advantage of the patent system outside its intended purpose. This new generation, the “software licensing troll,” has taken a page out of the patent troll guide and is distorting the state of software license contract safeguards beyond their intended purpose.

Weaponization

No one disputes that software vendors have a right to protect their intellectual property. It is standard practice when a business purchases software from a vendor to include the right to perform a periodic software license compliance audit in the contract. It’s also common practice to have in the contractual language that failure to comply with the request for a software audit grants the vendor the right to revoke the customer’s privilege to use the software preemptively. Many vendors require the customer to run proprietary scripts or specialized software to facilitate the software license audit. Even if it’s not a contractual requirement, it’s common for a vendor to request that the customer use that same software or scripts to facilitate the software license audit.

Software is routinely delivered through a download. During the download or installation process, there is a requirement for the customer to read a contract and click a harmless checkbox signifying agreement to it. How many of us read those contracts? These requirements and others were put in place so that reputable vendors could protect their intellectual property.

Just as the patent troll used patent law outside its intended purpose, the very tools that vendors put in place to protect their intellectual property can easily be weaponized by unscrupulous vendors.

Low Barrier to Entry

Unlike a patent claim with a high burden of entry to pursue, a software license compliance audit and its respective claim have a low entry barrier. The vendors have a contractual right to audit you, and if you don’t comply, they can preemptively take away your right to use the software.

The patent trolls must engage lawyers or threaten litigation. The software license troll can send you a notice that usually has a very ominous tone and a legal representation that you no longer have the right to use the software. A software license troll could easily adjust your master service agreement in the electronic click-through contract as you downloaded or installed software. It could well be a year later in the midst of an audit that a customer unhappily discovers that they are being held to an entirely different standard than they initially understood. “While there are some exceptions, click-through licenses tend to be enforceable,” said Joel T. Much more of Beeman & Muchmore, LLP, a boutique law-firm dedicated to software license consulting. “As vendors have gotten increasingly savvy in creating enforceable click-through licenses, companies should assume the worst and ensure a lawyer in the mix.”

While many large software vendors aggressively audit their customers and put contractual obligations in place to protect their intellectual property, we should not consider them to be patent trolls. Similar to other reputable vendors, these large software vendors seek to increase their revenue and footprint in their clients’ license portfolios and ultimately pursue a long-term relationship. The more integrated they can become inside the client, the harder it will be for the customer to disentangle themselves from the vendor.

However, there have been cases where some established software vendors have been acquired and their new leadership has sought to exploit the existing customers using the very mechanisms that were put in place solely to protect the vendors’ intellectual property. Trolls also are often controlled by outside venture capital, and there can be a striking indifference to the client relationship as the company is steered to short-term profits. Trolls can be dangerous because, unlike some more prominent vendors, they are not afraid to sue their licensees to send a message to the market to make it easier to collect on penalties.

As a result, companies need to manage their software compliance. Since so many customers fail to do so, vendors are encouraged to increase the pace of their software license audits, and these customers can also become easy prey for emerging software license trolls.

How to Protect Your Organization From the Software License Troll

If you use software, you should expect to pay for it. More importantly, it is essential for every user of expensive software, which usually carries complicated licensing agreements, to manage those licenses and prepare for an eventual audit. Even the most careful customers can make mistakes, so each customer should consider engaging with a third-party company that has the discipline of managing software licensing at its core. To use a baseball analogy, you should be a major league hitter if you are planning on facing major league pitching.

“The era of the gentleman’s audit should be considered over,” said Arthur S. Beeman, also of Beeman and Muchmore. “Long gone are the days in which the full and unguarded release of information could lead to a mannered true-up. All licensees are targets from vendors of all sizes and should act accordingly.”

Start with an ounce of prevention. Put technology and processes in play to proactively manage your software license compliance. For some companies, this means implementing a software asset management solution from a company such as Flexera or Snow Software that provides an inventory of software deployments. Some organizations find it more advantageous to obtain a software asset management (SAM) managed service, which may include a SAM tool, access to consultants, education, or legal support. At a minimum, you should have a periodic proactive review of your software license compliance. Sticking your head in the sand means you are putting your business at financial risk and will be easy prey when the software license troll knocks at your door.